In general, managed network or system security programs or platforms are designed to try to detect threats from malicious actors and take actions to address or remediate such threats. However, the volume and frequency of malicious actions or threats is increasing, and new and/or more covert or difficult to detect threats also are being developed at an alarming rate. The actions taken by attackers/malicious actors many times only become recognizable as part of a threat or become apparent in hindsight, and thus often are noticeable/detectible sometime only after security has been initially compromised, and/or with threat/malicious actions frequently changing or modifying their tactics, making it difficult to quickly identify, detect and/or stop malicious actors/attackers from inflicting serious harm.
To try to combat such malicious actors, threat intelligence communities have developed, in which security application developers, vendors and users can share indicators of compromises (IOCs) such as IP addresses, URL's, vulnerabilities, malicious software hashes, analytics, and other information known to be used by or indicative or a potential threats or malicious actors. However, such communities are established on a trust basis and generally rely upon authentication using common methods. As a result, if a threat or malicious actor gains access to the community and/or the information and analytics being exchanged between the members thereof, they can gain a significant tactical advantage by knowing what features or other identifying information is being used and how such information is analyzed by security programs or providers and/or personnel among the community to detect their attacks, and can change their tactics accordingly to help them evade detection.
It therefore can be seen that a need exists for a system and method for data owners to be able to share security data and analytics in a manner to enable the rapid development of new or updated security applications or models for detecting or deterring malicious actors. The present disclosure addresses these and other related and unrelated problems in the art.